Added some sanity checks to prevent buffer overflows. SDL-1.2
authorRyan C. Gordon <icculus@icculus.org>
Fri, 30 Dec 2011 04:04:34 -0500
branchSDL-1.2
changeset 6123 ce2493a9cefb
parent 6122 7ba8d4c1b11d
child 6124 f56b95794ac8
Added some sanity checks to prevent buffer overflows. Fixes Bugzilla #1074. (I think.)
src/joystick/linux/SDL_sysjoystick.c
--- a/src/joystick/linux/SDL_sysjoystick.c	Fri Dec 30 04:03:31 2011 -0500
+++ b/src/joystick/linux/SDL_sysjoystick.c	Fri Dec 30 04:04:34 2011 -0500
@@ -935,6 +935,10 @@
 	SDL_logical_joydecl(SDL_Joystick *logicaljoy = NULL);
 	SDL_logical_joydecl(struct joystick_logical_mapping* hats = NULL);
 
+	if (stick->nhats <= hat) {
+		return;  /* whoops, that shouldn't happen! */
+	}
+
 	the_hat = &stick->hwdata->hats[hat];
 	if ( value < 0 ) {
 		value = 0;
@@ -973,6 +977,9 @@
 static __inline__
 void HandleBall(SDL_Joystick *stick, Uint8 ball, int axis, int value)
 {
+	if ((stick->nballs <= ball) || (axis >= 2)) {
+		return;  /* whoops, that shouldn't happen! */
+	}
 	stick->hwdata->balls[ball].axis[axis] += value;
 }